
Cyber Centre Daily Advisory Digest — 2026-04-22 (2 advisories)

The Canadian Centre for Cyber Security issued a daily digest highlighting two major security advisories. Notably, Microsoft released an out-of-band update to patch a critical elevation of privilege vulnerability (CVE-2026-40372) in ASP.NET Core, and GitLab released updates to address vulnerabilities across its Community and Enterprise editions.

Sens: Immediate | Conf: high | Analyzed: 2026-04-22 | reports

Authors: Canadian Centre for Cyber Security

Source: Canadian Centre for Cyber Security

Key Takeaways

  • GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) to address vulnerabilities in versions prior to 18.11.1, 18.10.4, and 18.9.6.
  • Microsoft released an out-of-band (OOB) security update for .NET 10.0.0 (versions 10.0.0 to 10.0.6).
  • The Microsoft update addresses a critical ASP.NET Core Elevation of Privilege Vulnerability tracked as CVE-2026-40372.

Affected Systems

  • GitLab Community Edition (CE) versions prior to 18.11.1, 18.10.4, and 18.9.6
  • GitLab Enterprise Edition (EE) versions prior to 18.11.1, 18.10.4, and 18.9.6
  • Microsoft .NET 10.0.0 (versions 10.0.0 to 10.0.6)

Vulnerabilities (CVEs)

  • CVE-2026-40372

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

No detection rules are provided in the advisory.

Detection Engineering Assessment

  • EDR Visibility: Low. The advisory only lists vulnerabilities and patches; no specific exploitation behaviors or indicators are provided for EDR to detect.
  • Network Visibility: Low. No network signatures or traffic patterns are detailed in the advisory.
  • Detection Difficulty: Hard. Without specific exploitation details or IOCs, detecting exploitation of these vulnerabilities relies on generic anomaly detection or vendor-specific vulnerability scanning.

Required Log Sources

  • Application Logs
  • System Event Logs

Hunting Hypotheses

  • Hypothesis: Look for unexpected child processes or anomalous file writes originating from GitLab or ASP.NET Core worker processes, which may indicate successful exploitation.
  • Telemetry: Process creation events, File modification events
  • ATT&CK Stage: Execution / Privilege Escalation
  • FP Risk: Medium

Control Gaps

  • Vulnerability Management

Key Behavioral Indicators

  • Anomalous process ancestry involving web server processes

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Apply GitLab patches 18.11.1, 18.10.4, or 18.9.6 to affected CE and EE instances.
  • Apply Microsoft .NET 10.0.7 Out-of-Band Security Update to address CVE-2026-40372.

Infrastructure Hardening

  • Ensure public-facing applications are regularly scanned for vulnerabilities and updated promptly.

User Protection

  • N/A

Security Awareness

  • Monitor vendor security advisories for out-of-band patches requiring immediate attention.

MITRE ATT&CK Mapping

  • T1190 - Exploit Public-Facing Application
  • T1068 - Exploitation for Privilege Escalation